Drone Kubernetes Runner appending CA Certificate

1/18/2022

I have a Microk8s cluster running gitea, harbor and droneci. Everything is hosted under *.dev.mydomain.com and there is a wildcard certificate for that. The certificate is signed using a private CA.

I'm trying to push the CA certificate to the Pods running the Drone CI builds such that they can push/pull from Gitea and Harbor while also being able to connect to external sources (to fetch other docker images from dockerhub, for example).

DroneCI and the drone runner are installed using Helm. I have tried the following in the values.yaml file for the runner:

DRONE_RUNNER_VOLUMES: "/sslcerts:/etc/ssl/certs"

This overwrites the /etc/ssl/certs/ folder in the runner pod. Any requests made from the pod to harbor or gitea work; any requests to anything else fail with the error x509 certificate signed by unknown authority.

I also tried

DRONE_RUNNER_VOLUMES: "/sslcerts/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt"

This returned the error: mounting "/sslcerts/ca-certificates.crt" to rootfs at "/etc/ssl/certs/ca-certificates.crt" caused: mount through procfd: not a directory: unknown"

Any ideas on how to go about what I'm trying to do? Thanks!

-- Constantine Loukas
drone.io
kubernetes
ssl
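
Why the directory mount described above breaks external pulls, as an added example that is not part of the original post: a store that holds only the private CA loses every public root, while a merged bundle keeps both. It assumes /sslcerts contains only the private CA; the function names are hypothetical and the PEM bodies are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def pem_blocks(bundle_text):
    """Return the decoded (DER) bytes of every CERTIFICATE block in a PEM bundle."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(bundle_text)]

def to_pem(der):
    """Re-armor DER bytes as one PEM block with 64-column base64 lines."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def fingerprints(bundle_text):
    """SHA-256 fingerprints of all certificates in the bundle."""
    return {hashlib.sha256(d).hexdigest() for d in pem_blocks(bundle_text)}

def merge_bundles(system_bundle, private_ca):
    """System roots first, then the private CA(s); duplicates are dropped."""
    seen, out = set(), []
    for der in pem_blocks(system_bundle) + pem_blocks(private_ca):
        fp = hashlib.sha256(der).hexdigest()
        if fp not in seen:
            seen.add(fp)
            out.append(to_pem(der))
    return "".join(out)

def lost_roots(original_store, mounted_store):
    """Fingerprints trusted before the mount that the mounted store no longer has."""
    return fingerprints(original_store) - fingerprints(mounted_store)

# Constructed placeholders: the bytes stand in for DER certificates, they are not real CAs.
SYSTEM = to_pem(b"constructed public root A") + to_pem(b"constructed public root B")
PRIVATE = to_pem(b"constructed private CA for *.dev.mydomain.com")

if __name__ == "__main__":
    replaced = PRIVATE  # what a mount over /etc/ssl/certs leaves behind
    merged = merge_bundles(SYSTEM, PRIVATE + PRIVATE)  # duplicate input on purpose
    print("replace: lost public roots =", len(lost_roots(SYSTEM, replaced)))
    print("merge:   lost public roots =", len(lost_roots(SYSTEM, merged)))
    print("merge:   certificates in bundle =", len(pem_blocks(merged)))
```

On a real image the same functions can be fed the contents of the image's own /etc/ssl/certs/ca-certificates.crt and the private CA file.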
